Box’s new service lets users hold on to their own encryption keys

0 Comments

Credit: Courtesy of Box

It’s only been a few weeks since Box went public, but the file-sync company with a work-collaboration bent is rolling out a new encryption-key feature to entice big-name companies like the General Electrics of the world who are hesitant to jump to the cloud for security reasons.

Called Box Enterprise Key Management (EKM), the new tool basically allows for users to have full control of their encryption keys while still being able to use the [company]Box[/company] platform. Box will be working with customers to install an encryption appliance from the company SafeNet called a hardware security module (HSM) in both their on-premise data centers as well as in Amazon Web Services, according to a Box blog post by CEO Aaron Levie.

Each file that a customer sends over to his or her Box account gets a unique key “for each version of the file,” which Box then shoots over to the HSM; the appliance then encrypts the file “with the customer’s own key,” Levie wrote. At this point, Levie said that customers now have full control of the encryption key and Box can only access those files with customer approval.

What’s interesting is the role Amazon plays in this, which Levie doesn’t expand too much on in his post. According to a blog post by AWS chief evangelist Jeff Barr, the new feature “is powered by AWS CloudHSM,” which is the service that essentially links the HSM to a customer’s AWS cloud.

From the blog post detailing AWS CloudHSM:
[blockquote person=”” attribution=””]As part of the service, you have dedicated access to HSM capabilities in the cloud. AWS CloudHSM protects your cryptographic keys with tamper-resistant HSM appliances that are designed to comply with international (Common Criteria EAL4+) and U.S. Government (NIST FIPS 140-2) regulatory standards for cryptographic modules. You retain full control of your keys and cryptographic operations on the HSM, while Amazon manages and maintains the hardware without having access to your keys.[/blockquote]

I reached out to Box to elaborate a bit more on the role AWS’s technology plays into this new feature as well as if works across other cloud providers like [company]Google[/company] and [company]Microsoft[/company] and I’ll update this post if I hear back.

The new security tool is now available in beta and should be ready for public consumption this coming spring.

Update – 2:32 PM PT. A Box spokesperson sent us some comments.

Regarding if we will see similar features rolled out for other cloud providers:

Regarding how the new feature utilizes AWS:
[blockquote person=”Box spokesperson” attribution=”Box spokesperson”]AWS CloudHSM is the hosting partner for the HSMs, that are part of the new Box EKM architecture. We are listening to our customers on their preferences for additional partners.[/blockquote]

Comments are closed.